Install: claude install-skill dtsong/my-claude-setup
# RTL Security Review
## Purpose
Review RTL designs for security vulnerabilities including access control gate bypasses, insecure FSM transitions, timing-dependent information leakage, and unintended data paths.
## Scope Constraints
Reads RTL source files (Verilog/SystemVerilog/VHDL), testbenches, and security policy documents. Does not modify RTL files or execute simulation. Does not access proprietary IP blocks outside the review scope.
## Inputs
- RTL module(s) under review (Verilog/SystemVerilog/VHDL)
- Security policy specification (what access controls should be enforced)
- Trust boundary definitions (which interfaces are exposed to untrusted agents)
- Intended FSM behavior and state transition rules
## Input Sanitization
No user-provided values are used in commands or file paths. All inputs are treated as read-only analysis targets.
## Procedure
### Step 1: Identify Security-Critical RTL Modules
Enumerate all modules that enforce security policies: access control checkers, permission registers, firewall/filter logic, key storage, crypto engines, interrupt controllers, debug interfaces. Classify each by the trust boundary it enforces.
### Step 2: Check Access Control Gates
For each access control module, verify:
- All paths through the logic respect the access policy (no bypass paths)
- Default-deny: unrecognized requests are blocked, not passed through
- Access checks happen before data is forwarded (no time-of-check/time-of-use gaps)
- Reset state is secure (
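
An added example, not part of this skill or of any reviewed design: a gate that fails the Step 2 checks for bypass paths, default-deny and check-before-forward, next to a form that passes them. All module names, ports and address windows are hypothetical.

```systemverilog
// Added example; every module, port and address window here is hypothetical.
// Weak form: the patterns the Step 2 checks are meant to catch.
module gate_weak (
  input  logic        clk, rst_n,
  input  logic        req_valid, req_secure, dbg_mode,
  input  logic [7:0]  req_addr,
  input  logic [31:0] req_data,
  output logic        fwd_valid,
  output logic [31:0] fwd_data
);
  logic allow;
  always_comb begin
    allow = 1'b1;                                   // default-allow
    if (req_addr[7:4] == 4'hF) allow = req_secure;  // only one window is checked
    if (dbg_mode) allow = 1'b1;                     // bypass path around the policy
  end
  assign fwd_data = req_data;                       // data leaves before any decision
  always_ff @(posedge clk or negedge rst_n)
    if (!rst_n) fwd_valid <= 1'b0;
    else        fwd_valid <= req_valid & allow;     // decision lands one cycle after the data
endmodule
// Hardened form: explicit allow-list, no override input, data registered with its decision.
module gate_hardened (
  input  logic        clk, rst_n,
  input  logic        req_valid, req_secure,
  input  logic [7:0]  req_addr,
  input  logic [31:0] req_data,
  output logic        fwd_valid,
  output logic [31:0] fwd_data
);
  logic allow;
  always_comb begin
    case (req_addr[7:4])
      4'h0, 4'h1: allow = 1'b1;        // public window
      4'hF:       allow = req_secure;  // secure window
      default:    allow = 1'b0;        // unrecognized request is blocked
    endcase
  end
  always_ff @(posedge clk or negedge rst_n)
    if (!rst_n) begin
      fwd_valid <= 1'b0;               // assumption: nothing is granted out of reset
      fwd_data  <= '0;
    end else begin
      fwd_valid <= req_valid & allow;
      fwd_data  <= (req_valid & allow) ? req_data : '0;  // the forwarded word is the checked word
    end
  // Reviewer check: no data is visible downstream without a grant.
  a_no_leak: assert property (@(posedge clk) disable iff (!rst_n) fwd_valid || fwd_data == '0);
endmodule
```

In `gate_weak`, `fwd_valid` reflects the previous cycle's request while `fwd_data` carries the current one, which is the time-of-check/time-of-use gap the third bullet describes.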